fix #4249 - allow EmailConfirmed property to be updated

Oqtane.Server/Managers/UserManager.cs

@@ -201,29 +201,27 @@ namespace Oqtane.Managers
             IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
             if (identityuser != null)
             {
-                var valid = true;
                 if (!string.IsNullOrEmpty(user.Password))
                 {
                     var validator = new PasswordValidator<IdentityUser>();
                     var result = await validator.ValidateAsync(_identityUserManager, null, user.Password);
-                    valid = result.Succeeded;
-                    if (valid)
+                    if (result.Succeeded)
                     {
                         identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, user.Password);
+                        await _identityUserManager.UpdateAsync(identityuser);
                     }
+                    else
+                    {
+                        _logger.Log(user.SiteId, LogLevel.Error, this, LogFunction.Update, "Unable To Update User {Username}. Password Does Not Meet Complexity Requirements.", user.Username);
+                        return null;
                     }
-                if (valid)
-                {
-                    if (!string.IsNullOrEmpty(user.Password))
-                    {
-                        await _identityUserManager.UpdateAsync(identityuser); // requires password to be provided
                 }
 
                 if (user.Email != identityuser.Email)
                 {
                     await _identityUserManager.SetEmailAsync(identityuser, user.Email);
 
-                        // if email address changed and user is not administrator, email verification is required for new email address
+                    // if email address changed and it is not confirmed, verification is required for new email address
                     if (!user.EmailConfirmed)
                     {
                         var alias = _tenantManager.GetAlias();
@@ -233,12 +231,13 @@ namespace Oqtane.Managers
                         var notification = new Notification(user.SiteId, user, "User Account Verification", body);
                         _notifications.AddNotification(notification);
                     }
-                        else
+                }
+
+                if (user.EmailConfirmed)
                 {
                     var emailConfirmationToken = await _identityUserManager.GenerateEmailConfirmationTokenAsync(identityuser);
                     await _identityUserManager.ConfirmEmailAsync(identityuser, emailConfirmationToken);
                 }
-                    }
 
                 user = _users.UpdateUser(user);
                 _syncManager.AddSyncEvent(_tenantManager.GetAlias(), EntityNames.User, user.UserId, SyncEventActions.Update);
@@ -248,10 +247,9 @@ namespace Oqtane.Managers
             }
             else
             {
-                    _logger.Log(user.SiteId, LogLevel.Error, this, LogFunction.Update, "Unable To Update User {Username}. Password Does Not Meet Complexity Requirements.", user.Username);
+                _logger.Log(user.SiteId, LogLevel.Error, this, LogFunction.Update, "Unable To Update User {Username}. User Does Not Exist.", user.Username);
                 user = null;
             }
-            }
 
             return user;
         }